In my previous post, covering Target’s “Your Bot is Your Responsibility”  was the only move they could make. When you let an AI bot loose with your credit card, you are effectively handing your car keys to a teenager; you can’t act surprised when there’s a dent in the bumper. But Target’s stance isn’t just a legal shield; it is a flare gun fired over a massive Governance Gap. Today’s agentic commerce is high on technology and standards, but dangerously low on the commercial terms that actually make markets function. To be clear, it’s not for lack of effort from V/MA, nor is it technology; it is resistance to change.

The Challenge: Commercial Construct and Governance

We are drowning in “technically sound” protocols. Google’s AP2 (Agent Payments Protocol) is a masterclass in cryptographic engineering. It creates an immutable, non-repudiable audit trail of “Mandates”, digital proof of what you told your bot to do.

But an immutable chain of evidence is useless if it can’t be brought into a US courtroom for dispute resolution at scale. AP2 provides the communication and record keeping for agent to merchant, but it does not provide the contract. Without an enforceable framework that defines risk, liability, and terms, these protocols exist in a commercial vacuum.

As I’ve maintained, only the card networks (Visa and Mastercard) can solve this. Why? Because they provide the commercial construct that connects all parties in the agentic transaction. Their “moat” is a scaled and managed contractual framework that replaces millions of separate bilateral contracts for EVERY entity that touches the card and customer..

The Friction of Perfection: Sunk Costs and Misaligned Incentives

If Visa and Mastercard have the rules, why haven’t they fixed this already? They actually have (rules, VAS, Standards), but the friction is incredibly high, NOT technical but rather political, competitive and economic.

1. The Sunk Cost Trap: If network-level authentication becomes “perfect”, the value of proprietary merchant and processor device graphs goes to zero. Billions spent on behavioral biometrics and fraud stacks become sunk costs and 100% of the “value add” goes to the network (and its enablers). 
2. Value Flow Disparity. The value of “perfect authentication” AND 100% authorization also doesn’t flow equally. Large merchants like Amazon and Walmart have bespoke card pricing of 50bps, 7-10bps of fraud and almost 100% authorization rate. For a merchant like Footlocker, solving a 300bps+ fraud and 86% authorization rate is critical, but getting everyone to agree on VALUE of that service is like pushing a string uphill.
   
3. Pricing – The Incentive Gap: Right now, a 5bps 3DS fee is the only official network service for authentication and liability shift. If bank KYC powers a liability shift, and network VAS powers perfect auth what is the value for enabling a new agentic demand? Its different for different parties, but in every case its worth FAR MORE than 5bps. Giving merchants the OPTION to use the service is probably the right place to start.

Google and Non-Card:the “India Model” Threat

Europe currently has a massive advantage in the race to build a new authentication model that is operational (3DS footprint, SCA and the eIDAS framework). ECB also has the regulatory muscle and incentive to experiment with high-assurance trust.

While I’m placing my bets on V/MA and Amex, the biggest near-term threat to the card networks is Google. If Google enables non-card payments (like stablecoins or x402) and pairs them with a national ID (as they did successfully with UPI in India), they could enable consumers usage at parity with the networks. The smart move for the networks? Create an economic “win” for Google within the card ecosystem—think Apple’s 15bps/7bps model (incentives to keep their innovation efforts in card).  

Where Do We Go From Here?

Near-term, we are stuck in two primary flows:

• Agentic Merchant Checkout, no change to risk no new VAS (next two years). See my blogs on Google UCP and Device Graphs for more detail.
  
• Non-Card (Stablecoins/x402): These will play best where cards don’t, low-value micropayments and “Pay-to-Crawl” models for AI bots. But COULD move upstream, and enable massive new growth amongst specialist agents (see my MPP blog).

Don’t expect stablecoins to replace your Visa card for groceries anytime soon. They lack the consumer protections that consumers demand when a transaction goes sideways. The future of commerce isn’t about the smartest agent; it’s about a commercial agreement that aligns all of these technologies. This is where card networks have a massive opportunity (and advantage). They are the identity infrastructure of the internet today. We are moving from “taxing the movement of money” to “monetizing the binding of trust”.

The technology is ready. The agreements are just being written.. And the Gordian knot of agentic monetization is still TBD. The next big shoe to drop? Google’s buy for me that will be going live in next few weeks.